One mistaken click. That's all it took for hackers aligned with the Russian state security service to gain access to Yahoo's network and potentially the email messages and private information of as many as 500 million people.

On Jan. 6, weeks before he was due to become president, Donald Trump sat down with U.S. intelligence officials for a two-hour briefing at Trump Tower on cyberattacks conducted during the U.S. election. The meeting resulted in a pledge: a plan to counter cyberattacks against the U.S. within 90 days of taking office.

On Wednesday, President Trump marks his 90th day in office with no sign of a report or indication that one is on the way. That’s a surprise, given the recent string of successful, high-profile cyberattacks against the federal government.

U.S. President Donald Trump is extending by one year special powers introduced by former President Barack Obama that allow the government to issue sanctions against people and organizations engaged in significant cyberattacks and cybercrime against the U.S.

Executive Order 13694 was introduced on April 1, 2015, and was due to expire on Saturday, but the president sent a letter to Congress on Wednesday evening informing it of his plans to keep it active.

"Significant malicious cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside the United States, continue to pose an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States," Trump wrote in the letter. "Therefore, I have determined that it is necessary to continue the national emergency declared in Executive Order 13694 with respect to significant malicious cyber-enabled activities."

The U.S. Federal Bureau of Investigation has charged four people, including two Russian state intelligence agents, for their involvement in a massive hack of Yahoo that affected half a billion accounts.

In September, Yahoo said hackers had managed to steal personal data on more than 500 million users during an attack in late 2014. The stolen data included names, email addresses, telephone numbers and hashed passwords. Blame for the attack was put on a "state-sponsored" group.

On Wednesday, the FBI said that group was the Russian Federal Security Service, the FSB, and it identified agents Dmitry Dokuchaev and Igor Sushchin as leaders of the attack.

President Donald Trump is due to sign an executive order Tuesday that gives each cabinet official more responsibility for the safety of data within their agency.

It will be accompanied by a government-wide review of cybersecurity by the Office of Management and Budget, looking at the technology in place that guards U.S. government systems from cyberattacks, according to a White House official.

The results of that review could lead to a government-wide upgrade of federal cybersecurity systems.

The U.S. government has been hit by hacks in the last few years. The State Department spent months trying to get rid of intruders in its unclassified network and the Office of Personnel Management lost personal information on millions of government workers through a second hack.

https://www.csoonline.com/article/3163467/trump-to-sign-cybersecurity-order-calling-for-government-wide-review.html

US Park Service tweets were result of old Twitter passwords
Wed, 25 Jan 2017 12:13:00 -0800
Martyn Williams

Two instances of tweets from U.S. National Park Service accounts that became political hot potatoes in the last few days were the result of bad password management, according to officials.

The first incident took place on inauguration day when the main National Park Service account retweeted images from a CNN reporter that compared unfavorably the crowd size at President Donald Trump's inauguration with that of President Barack Obama's in 2009.

When Trump began to openly dispute the images and smaller crowd sizes, the National Park Service deleted the retweet and apologized.

"We regret the mistaken RTs from our account yesterday and look forward to continuing to share the beauty and history of our parks with you," it said on Saturday.

The U.S. government has sanctioned Russia's two main intelligence agencies and four military intelligence officers, and is kicking out 35 Russian diplomats, over what it says was aggressive harassment of U.S. officials and cyber operations around the 2016 presidential election.

The move follows up on a pledge made by President Obama to retaliate against Russia for hacks of the Democratic National Committee and other political targets.

The U.S. also released a detailed assessment by the Federal Bureau of Investigation (FBI) and Department of Homeland Security (DHS) of the cyber attacks.

A Wednesday summit between some of the most powerful people in technology and U.S. president-elect Donald Trump covered wide ground but avoided discussion of two of the biggest issues facing the industry: the use of encryption and government surveillance.

Trump's team called the meeting the start of "a conversation and partnership in order to spark innovation and create more jobs in the U.S." and said it could be repeated as often as once a quarter once he assumes the presidency.

Many in Silicon Valley had been vocal opponents of Trump prior to the election, but in meeting executives of the region's biggest companies on Wednesday, Trump sought to gain their support. In particular, he asked them for "specific innovative solutions that have been blocked by narrow thinking in Washington," his team said in a statement.

In his nomination of Representative Mike Pompeo to head the CIA, President-elect Donald Trump has picked someone who has supported NSA surveillance programs and has criticized Silicon Valley's stance on encryption.

Pompeo, a Republican from Kansas, is a former cavalry officer in the U.S. Army and a graduate of West Point military academy. He currently serves on the House Intelligence Committee and is perhaps best known for his role on the Benghazi committee that investigated Hillary Clinton.

But his committee assignment has also put him in the middle of several recent issues that have pitched the U.S. intelligence community against major tech companies.

A U.S. banking regulator says an employee downloaded a large amount of data from its computer system a week before he retired and is now unable to locate the thumb drives he stored it on.

The Office of the Comptroller of the Currency, which is a part of the Department of the Treasury, said the loss represented "a major information security incident" as it reported the case to Congress on Friday.

The data was taken in November 2015, but its loss was only discovered in September this year as the agency reviewed downloads to removable media devices in the last two years.

When Yahoo said on Thursday that data from at least 500 million user accounts had been hacked, it wasn't just admitting to a huge failing in data security -- it was admitting to the biggest hack the world has ever seen.

Until Thursday, the previous largest known hack was the 2008 breach that hit almost 360 million MySpace accounts, according to a ranking by the "Have I been pwned" website. Like the Yahoo breach, the hack was only publicly disclosed this year after data was offered on a hacker forum.

And only three breaches had ranked above the 100 million level:

LinkedIn reported a loss of 167 million email addresses and passwords. They were originally stolen in 2012 but not publicly disclosed until 2016, again after the data was offered on an underground "dark market" site.

Cisco Systems plans to lay off about 7 percent of its global workforce in a restructuring that will see it further focus on hot IT areas such as the internet of things, security, collaboration, next-generation data centers, and the cloud.

The move will cost the company around $700 million in redundancy payments to the roughly 5,500 staff who will be out of jobs in the coming months. The layoffs will hit some of Cisco's smaller and more mature business areas where long-term growth prospects are low, the company said.

"We expect to reinvest substantially all of the cost savings from these actions back into these businesses and will continue to aggressively invest to focus on our areas of future growth," Cisco said in a statement.

Russian cybercriminals have infiltrated systems at Micros, an Oracle division that is one of the world's biggest vendors of point of sale payment systems for shops and restaurants, according to an influential security blogger.

The hack has affected 700 computer systems at Micros and is thought to have begun with infiltration on a single machine at the company, said Brian Krebs on his Krebs on Security blog on Monday.

The incident is worrying for the potential size of the hack and the systems affected. Oracle acquired Micros in 2014, when it said Micros systems are used in more than 330,000 sites in 180 countries.

Kimpton Hotels, operator of boutique hotels across the U.S., is investigating reports of a possible payment card data breach. If confirmed, it would become the latest in a string of successful attacks on hotel chain operators in the last year.

The San Francisco-based company said it was "recently made aware of a report of unauthorized charges occurring on cards that were previously used legitimately at Kimpton properties."

As a result, it has hired a computer security firm to investigate whether its systems were compromised and guest data stolen. In the meantime, it advised guests to monitor their card statements for unauthorized charges.